Cisco

300-715

Implementing and Configuring Cisco Identity Services Engine

https://killexams.com/pass4sure/exam-detail/300-715

Question: 143

What is the purpose of the ip http server command on a switch? A . It enables the https server for users for web authentication

B . It enables MAB authentication on the switch

C . It enables the switch to redirect users for web authentication. D . It enables dot1x authentication on the switch.

Answer: C

Question: 144

What service can be enabled on the Cisco ISE node to identity the types of devices connecting to a network? A . MAB

B . profiling C . posture

D . central web authentication

Answer: B

Question: 145

In which two ways can users and endpoints be classified for TrustSec? (Choose two) A . VLAN

B . SXP

C . dynamic D . QoS

E . SGACL

Answer: AE

Question: 146

If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked? A . Client Provisioning

B . Guest C . BYOD

D . Blacklist

Answer: D Explanation:

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/ BY OD_Design_Guide/Managing_Lost_or_Stolen_Device.html#90273

The Blacklist identity group is system generated and maintained by ISE to prevent access to lost or stolen devices. In this design guide, two authorization profiles are used to enforce the permissions for wireless and wired devices within the Blacklist:

Blackhole WiFi Access Blackhole Wired Access

Question: 147

Which Cisco ISE component intercepts HTTP and HTTPS requests and redirects them to the Guest User Portal? A . network access device

B . Policy Service node C . Monitoring node

D . Administration node

Answer: A

Question: 148

Which two features must be used on Cisco ISE to enable the TACACS. feature? (Choose two) A . Device Administration License

B . Server Sequence C . Command Sets

D . Device Admin Service

E . External TACACS Servers

Answer: E

Question: 149

What gives Cisco ISE an option to scan endpoints for vulnerabilities? A . authorization policy

B . authentication policy C . authentication profile D . authorization profile

Answer: D

Question: 150

Which supplicant(s) and server(s) are capable of supporting EAR-CHAINING? A . Cisco AnyConnect NAM and Cisco Identity Service Engine

B . Cisco AnyConnect NAM and Cisco Access Control Server

C . Cisco Secure Services Client and Cisco Access Control Server D . Windows Native Supplicant and Cisco Identity Service Engine

Answer: A

Question: 151

When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names? A . MIB

B . TGT

C . OMAB D . SID

Answer: D

Question: 152

What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)

A . updates

B . remediation actions

C . Client Provisioning portal D . conditions

E . access policy

Answer: BD

Question: 153

Which interface-level command is needed to turn on 802 1X authentication? A . Dofl1x pae authenticator

B . dot1x system-auth-control

C . authentication host-mode single-host D . aaa server radius dynamic-author

Answer: A

Question: 154

Which two values are compared by the binary comparison function in authentication that is based on Active Directory? (Choose Two) A . subject alternative name and the common name

B . MS-CHAFV2 provided machine credentials and credentials stored in Active Directory C . user-presented password hash and a hash stored in Active Directory

D . user-presented certificate and a certificate stored in Active Directory

Answer: AB Explanation:

Basic certificate checking does not require an identity source. If you want binary comparison checking for the certificates, you must select an identity source. If you select Active Directory as an identity source, subject and common name and subject alternative name (all values) can be used to look up a user.

https://www.cisco.com/c/en/us/td/docs/security/ise/1- 3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01110.html

Question: 155

During BYOD flow, from where does a Microsoft Windows PC download the Network Setup Assistant? A . Cisco App Store

B . Microsoft App Store C . Cisco ISE directly

D . Native OTA functionality

Answer: A

Question: 156

What does the dot1x system-auth-control command do?

A . causes a network access switch not to track 802.1x sessions B . globally enables 802.1x

C . enables 802.1x on a network access device interface

D . causes a network access switch to track 802.1x sessions

Answer: B

Explanation: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-8-0E/15- 24E/configuration/guide/xe-380-configuration/dot1x.html

Question: 157

What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two) A . TACACS+ supports 802.1X, and RADIUS supports MAB

B . TACACS+ uses UDP, and RADIUS uses TCP

C . TACACS+ has command authorization, and RADIUS does not. D . TACACS+ provides the service type, and RADIUS does not

E . TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.

Answer: CE

Question: 158

Which two fields are available when creating an endpoint on the context visibility page of Cisco IS? (Choose two) A . Policy Assignment

B . Endpoint Family

C . Identity Group Assignment D . Security Group Tag

E . IP Address

Answer: AC

6$03/( 48(67,216

7KHVH TXHVWLRQV DUH IRU GHPR SXUSRVH RQO\ )XOO YHUVLRQ LV XS WR GDWH DQG FRQWDLQV DFWXDO TXHVWLRQV DQG DQVZHUV

.LOOH[DPV FRP LV DQ RQOLQH SODWIRUP WKDW RIIHUV D ZLGH UDQJH RI VHUYLFHV UHODWHG WR FHUWLILFDWLRQ H[DP SUHSDUDWLRQ 7KH SODWIRUP SURYLGHV DFWXDO TXHVWLRQV H[DP GXPSV DQG SUDFWLFH WHVWV WR KHOS LQGLYLGXDOV SUHSDUH IRU YDULRXV FHUWLILFDWLRQ H[DPV ZLWK FRQILGHQFH +HUH DUH VRPH NH\ IHDWXUHV DQG VHUYLFHV RIIHUHG E\ .LOOH[DPV FRP

$FWXDO ([DP 4XHVWLRQV .LOOH[DPV FRP SURYLGHV DFWXDO H[DP TXHVWLRQV WKDW DUH H[SHULHQFHG LQ WHVW FHQWHUV 7KHVH TXHVWLRQV DUH XSGDWHG UHJXODUO\ WR HQVXUH WKH\ DUH XS WR GDWH DQG UHOHYDQW WR WKH ODWHVW H[DP V\OODEXV %\ VWXG\LQJ WKHVH DFWXDO TXHVWLRQV FDQGLGDWHV FDQ IDPLOLDUL]H WKHPVHOYHV ZLWK WKH FRQWHQW DQG IRUPDW RI WKH UHDO H[DP

([DP 'XPSV .LOOH[DPV FRP RIIHUV H[DP GXPSV LQ 3') IRUPDW 7KHVH GXPSV FRQWDLQ D FRPSUHKHQVLYH FROOHFWLRQ RI TXHVWLRQV DQG DQVZHUV WKDW FRYHU WKH H[DP WRSLFV %\ XVLQJ WKHVH GXPSV FDQGLGDWHV FDQ HQKDQFH WKHLU NQRZOHGJH DQG LPSURYH WKHLU FKDQFHV RI VXFFHVV LQ WKH FHUWLILFDWLRQ H[DP

3UDFWLFH 7HVWV .LOOH[DPV FRP SURYLGHV SUDFWLFH WHVWV WKURXJK WKHLU GHVNWRS 9&( H[DP VLPXODWRU DQG RQOLQH WHVW HQJLQH 7KHVH SUDFWLFH WHVWV VLPXODWH WKH UHDO H[DP HQYLURQPHQW DQG KHOS FDQGLGDWHV DVVHVV WKHLU UHDGLQHVV IRU WKH DFWXDO H[DP 7KH SUDFWLFH WHVWV FRYHU D ZLGH UDQJH RI TXHVWLRQV DQG HQDEOH FDQGLGDWHV WR LGHQWLI\ WKHLU VWUHQJWKV DQG ZHDNQHVVHV

*XDUDQWHHG 6XFFHVV .LOOH[DPV FRP RIIHUV D VXFFHVV JXDUDQWHH ZLWK WKHLU H[DP GXPSV 7KH\ FODLP WKDW E\ XVLQJ WKHLU PDWHULDOV FDQGLGDWHV ZLOO SDVV WKHLU H[DPV RQ WKH ILUVW DWWHPSW RU WKH\ ZLOO UHIXQG WKH SXUFKDVH SULFH 7KLV JXDUDQWHH SURYLGHV DVVXUDQFH DQG FRQILGHQFH WR LQGLYLGXDOV SUHSDULQJ IRU FHUWLILFDWLRQ H[DPV

8SGDWHG &RQWHQW .LOOH[DPV FRP UHJXODUO\ XSGDWHV LWV TXHVWLRQ EDQN DQG H[DP GXPSV WR HQVXUH WKDW WKH\ DUH FXUUHQW DQG UHIOHFW WKH ODWHVW FKDQJHV LQ WKH H[DP V\OODEXV 7KLV KHOSV FDQGLGDWHV VWD\ XS WR GDWH ZLWK WKH H[DP FRQWHQW DQG LQFUHDVHV WKHLU FKDQFHV RI VXFFHVV

7HFKQLFDO 6XSSRUW .LOOH[DPV FRP SURYLGHV IUHH [ WHFKQLFDO VXSSRUW WR DVVLVW FDQGLGDWHV ZLWK DQ\ TXHULHV RU LVVXHV WKH\ PD\ HQFRXQWHU ZKLOH XVLQJ WKHLU VHUYLFHV 7KHLU FHUWLILHG H[SHUWV DUH DYDLODEOH WR SURYLGH JXLGDQFH DQG KHOS FDQGLGDWHV WKURXJKRXW WKHLU H[DP SUHSDUDWLRQ MRXUQH\

'PS .PSF FYBNT WJTJU IUUQT LJMMFYBNT DPN WFOEPST FYBN MJTU

.LOO \RXU H[DP DW )LUVW $WWHPSW *XDUDQWHHG